Skip to content

S0498 Cryptoistic

Cryptoistic is a backdoor, written in Swift, that has been used by Lazarus Group.1

Item Value
ID S0498
Associated Names
Version 1.0
Created 10 August 2020
Last Modified 18 August 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1005 Data from Local System Cryptoistic can retrieve files from the local file system.1
enterprise T1573 Encrypted Channel Cryptoistic can engage in encrypted communications with C2.1
enterprise T1083 File and Directory Discovery Cryptoistic can scan a directory to identify files for deletion.1
enterprise T1070 Indicator Removal -
enterprise T1070.004 File Deletion Cryptoistic has the ability delete files from a compromised host.1
enterprise T1105 Ingress Tool Transfer Cryptoistic has the ability to send and receive files.1
enterprise T1095 Non-Application Layer Protocol Cryptoistic can use TCP in communications with C2.1
enterprise T1033 System Owner/User Discovery Cryptoistic can gather data on the user of a compromised host.1

Groups That Use This Software

ID Name References
G0032 Lazarus Group 1